Privacy policy
Overview
The European Parliament and the Council of the European Union adopted Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation, in this document - GDPR, Regulation, or RGPD) on April 27, 2016, with its provisions becoming directly applicable on May 25, 2018. This Regulation specifically repeals Directive 95/46/CE, so superseding the provisions of Law No. 677/2001 (which is currently repealed).
The regulation is directly applicable in all member states, protecting the rights of all natural persons on European Union territory. In practice, the Regulation applies to all operators who process personal data. The Regulation does not apply to the processing of personal data pertaining to legal entities and, in particular, enterprises with legal personality, such as the name and type of legal entity, as well as the legal entity's contact information.
Personal data is defined as any information about an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific elements specific to his physical, physiological, genetic, psychological, economic, cultural, or social identity.
Any operation or set of operations performed on data or sets of personal data, with or without the use of automated means, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, deletion, or destruction, constitutes personal data processing.
Operator identity
Taking into consideration article 4 point 7 of the Regulation, which defines "operator" as the natural or legal person, public authority, agency, or other body that, alone or in collaboration with others, establishes the purposes and means of personal data processing, the operator that processes personal data through this website is INEDIT.WORKS SRL, based in Str. Filofteia Gheorghiu, No. 13, Room 1, Sect. 5, C.P. 50231, Bucharest, County: Bucharest, J40/17207/2018 Trade Registry Office, CUI 40240932, legally represented by Mihail Neagu, contact details mihail.neagu@inedit.works, 0723136239.
Bucharest, County: Bucharest, registered at the Trade Registry Office J40/17207/2018, having CUI 40240932, legally represented by Mihail Neagu, with contact details mihail.neagu@inedit.works, 0723136239.
Collection of personal data
What personal data is collected
The operator of this website collects, stores and processes the following personal data of / about you:
- IP
Obtaining Consent
Overview
To be legal, personal data processing must be carried out for a legitimate reason, such as the execution or conclusion of a contract, the fulfillment of a legal obligation, or on the basis of previously expressed valid consent by the data subject. In the latter situation, the operator must be able to demonstrate that the individual in question consented to the processing. The permission expressed under the rule of Directive 95/46/EC remains valid if it fits the GDPR's criteria.
Consent must be communicated in the form of a statement or an unequivocal action that demonstrates the data subject's freely expressed, specific, informed, and clear consent to the processing of his personal data. If the data subject's consent is given in the context of a statement, in electronic or written form, that also refers to other things, the request for consent must be presented in a way that clearly distinguishes it from the other matters, which can even be accomplished by clicking a box. In order for the processing of personal data to be legal, the GDPR requires that it be carried out on the basis of a legitimate reason, such as the execution or conclusion of a contract, the fulfillment of a legal obligation, or on the basis of the valid consent previously expressed by the data subject. In the latter case, the operator is required to be able to prove that the person in question has given his consent for the respective processing. The consent expressed under the rule of Directive 95/46/EC remains valid if it meets the conditions provided by the GDPR.
Cookies
This website employs the use of cookies. They do not harm your computer and do not contain viruses; instead, they help to make the site easier, more efficient, and safer to use. They are little text files that are saved on your computer by the browser you are using.
Many of the cookies used are referred to as "session cookies," and they are automatically removed after you leave this site. Others are stored in your computer's memory until you erase them, allowing your browser to recognize them on subsequent visits.
You can configure your browser to notify you when cookies are being used, allowing you to decide whether to accept or reject a cookie on an individual basis. Alternatively, you may change your browser to accept cookies automatically under certain conditions, reject them always, or delete cookies when you stop your browser. The functioning of this website may be limited if cookies are disabled.
Cookies that are required to enable electronic communications or to provide certain functions that you want to use (such as the shopping cart) are stored in accordance with the provisions of GDPR art. 6 paragraph 1 lit. f), which states that processing is legal only if and to the extent that it is necessary for the purposes of the operator's or a third party's legitimate interests. As a result, the operator of this website has a legitimate interest in retaining certain cookies in order to ensure that the optimization is free of technical faults. Other cookies are also saved (for example, those used to evaluate your browsing behavior) and will be addressed individually in this text.
Consent Management Platform
This website makes use of a consent management technology called Complianz, which allows it to get, administer, and document your consent as a user.
The collection of your consent is done legally, by adhering to all legal requirements (contained in the GDPR, the guidelines of the European Court of Justice, and the IAB Europe Transparency and Consent Framework), via the platform reaching the optimization of the consent given at the time of browsing this website.
The consent management platform - Complianz - complies with European data protection regulations; personal data of visitors and users is processed solely to the degree necessary for the functionality and optimization of the site's content. The processing of users' personal data has as its legal basis the users' particular, informed, and freely expressed consent, obtained in accordance with Regulation art. 6 paragraph 1 lit. a). For further information, please see the Privacy Policy at https://complianz.io/legal/privacy-statement/?cmplz_region_redirect=true&cmplz-region=eu .
Server log files
This website's provider automatically gathers and retains the information that your browser sends to us via log files. They are as follows:
- Version and type of browser
- The operating system that was utilized
- The URL of the page that produced the original request to show the current page or item (Referrer URL)
- The accessing computer's host name
- Temporal data regarding server access
- IP address
The legal basis for such data processing is provided by GDPR art. 6 para. 1 lit. b), which authorizes data processing when it is required for the execution of a contract to which the data subject is a party or to take steps, at the data subject's request, prior to concluding a contract.
Contact by e-mail, telephone
If you contact us via e-mail, phone, or fax, your request, including all personal data you submit, will be saved and processed by us for the purpose of resolving your request, with your permission.
As a result, we will process all of the information you supply in accordance with the GDPR's legal provisions:
- only with your consent - in accordance with the provisions of art. 6 para. 1 lit. a) GDPR
- for the execution of a contract or in the pre-contractual stage - in accordance with the provisions of art. 6 para. 1 lit. b) GDPR
- for the fulfillment of the purpose and legitimate interest pursued by us, namely that of efficient processing of the requests sent by you - in accordance with the provisions of art. 6 para. 1 lit. f) GDPR.
We will store the information you supply in this manner until: In all cases except:
- Obligatory data retention periods, you can request data deletion;
- Revoke your consent to their keeping;
- Or if the purpose for their storage is no longer valid.
The purpose of processing the collected data
Part of the data collected on this site is used to:
- Providing the services we offer for your advantage (for example, resolving difficulties with our products and services, providing support services, and so on).
- Optimal site operation and optimization (statistical and analytical) - We constantly want to provide you with the greatest possible experience on our site, which is why we may collect and use information about your level of satisfaction when visiting this site, as well as invite you to fill out feedback surveys or the like.
The processing of personal data is carried out in accordance with the provisions of the General Regulation on Data Protection, based on both the consent of the data subject and reasons for the compliant execution of contracts or the realization of the legitimate interests of the operator (unless the interests prevail or the fundamental rights and freedoms of the data subject, which require the protection of personal data, especially when the data subject is a child).
User rights
Your personal data rights and the means to exercise them are as follows: the right to information, to access, to be forgotten, to be corrected, the ability to remove data, the ability to limit processing, the freedom to move data, the right to object, the right not to be subjected to a judgment primarily based on automated data processing, the right to file a complaint and go to court, the ability to revoke consent
- The right to information – you can request information on the processing activities of your personal data, on the identity of the operator and its representative or on the recipients of your data;
- The right of access – you can obtain from the operator a confirmation that personal data concerning you is being processed or not and, if so, access to the respective data and the following information: the purposes of the processing; the categories of personal data concerned; recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients from third countries or international organizations; where possible, the period for which the personal data is expected to be stored or, if this is not possible, the criteria used to establish this period; the right to request the operator to rectify or delete personal data or restrict the processing of personal data or the right to oppose the processing, etc.
- The right to rectification – you can rectify inaccurate personal data or complete them;
- The right to delete data – You can request data erasure if their processing was illegal or in other circumstances where the law allows it.
- The right to restrict processing – you can request the restriction of processing if you dispute the accuracy of the data, as well as in other cases provided by law;
- The right to data portability – you can receive, under certain conditions, the personal data you have provided to us in a machine-readable format or request that said data be transmitted to another operator
- The right to opposition – you can object, in particular, to data processing based on the legitimate interest of the operator;
- The right not to be subjected to a judgment primarily based on automated data processing –you can ask for and obtain human intervention regarding said processing or you can express your own point of view regarding this type of processing;
- The right to file a complaint and to address the courts – you can file a complaint against the manner of personal data processing with the National Authority for the Supervision of the Processing of Personal Data and / or you can address the courts to respect your rights;
- Right to withdraw consent – in cases where the processing is based on your consent, you can withdraw it at any time. The withdrawal of consent will only have effects for the future, the processing carried out prior to the withdrawal still remaining valid.
Obligations of the data controller
Găzduire/Hosting
Personal data registered on this website are stored on CyberFolks servers. The processing of the data provided and stored complies with the following legal provisions:
- Art. 6 para. 1 lit. a) GDPR – data processing by CyberFolks is based on your consent, obtained after correct and complete information;
- Art. 6 para. 1 lit. b) GDPR – data processing by CyberFolks takes place with the purpose of fulfilling the assumed contractual obligations;
- Art. 6 para. 1 lit. f) GDPR – data processing by CyberFolks is carried out for the purposes of the legitimate interests pursued by the operator
Regardless of the purpose for which personal data is processed, the principles of legality, fairness, and transparency are upheld, as are the requirements that the personal data processed be adequate, relevant, and limited to what is required for the purposes for which it is processed.
For more information on the processing of personal data by CyberFolks, go to https://cyberfolks.ro/politica-de-confidentialitate/
We have negotiated a contract/convention/legal act with CyberFolks to ensure the processing of personal data in line with the legal laws in the field (including the possibility of incorporating and consenting to the clauses of the Terms and Conditions of the website). We comply with our obligations under Article 28 of the GDPR by selecting an external service provider who provides adequate guarantees for the implementation of appropriate technical and organizational measures, ensuring that the processing complies with the requirements of the regulation and protects your rights.
Data encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential information. This encryption can be recognized by you by the lock window ("lock icon") that appears in the browser bar and by changing the address of the respective browser from http:// to https://. Once encryption of this type is activated, the transmitted or transferred data will not be able to be seen by third parties.
According to the GDPR, if the breach of the security of personal data is likely to generate a high risk for your rights and freedoms, the operator of this website will inform you, without undue delay, about this breach, unless the supplementary provisions become incident from the same Regulation (art. 34 paragraph 3).
The data protection officer
As the provisions of the GDPR regarding the obligation to appoint a data protection officer are not applicable (art. 37 paragraph 1 - according to which the Operator and the person authorized by the operator appoint a data protection officer whenever:
- the processing is carried out by a public authority or body, with the exception of courts acting in the exercise of their jurisdictional function;
- the main activities of the operator or the person authorized by the operator consist of processing operations which, by their nature, scope and/or purposes, require a periodic and systematic monitoring of the persons concerned on a large scale; or
- the main activities of the operator or the person authorized by the operator consist in the large-scale processing of special categories of data pursuant to Article 9 or of personal data relating to criminal convictions and offences, referred to in Article 10)
for any information or clarifications regarding the operation of this website, please contact us on the following dates:
- Name: Mihail Neagu
- E-mail: mihail.neagu@inedit.works
- Tel: +40 723 136 239
- Fax:
- Address: Str. Filofteia Gheorghiu, No. 13, Room 1, Sect. 5, C.P. 50231,
Bucharest, County: Bucharest
Records of processing activities
According to the GDPR Regulation, the operator or a person authorized by the operator must maintain records of the processing operations under his control for a reasonable period of time. As a result, the following information will be included in these records:
- the operator's name and contact information;
- the aims of the processing;
- description of data subject and personal data categories;
- categories of recipients to whom personal data were or will be provided
- if applicable:
- Personal data transfers;
- the anticipated deadlines for the erasure of various categories of data;
- a general explanation of technological and organizational security measures
The above-mentioned obligation does not apply to a company or organization with fewer than 250 employees unless the processing is likely to jeopardize the data subjects' rights and freedoms, the processing is not infrequent, or the processing includes special categories of data or personal data relating to criminal convictions and offences.
Adequate technical and organizational measures
Taking into account the current state of technology, the context and purposes of the processing, as well as the risks to the rights and freedoms of natural persons, the operator implements appropriate technical and organizational measures to ensure that, by default, only personal data that are necessary for each specific purpose of the processing.
Notification of the supervisory authority in case of personal data security breach
According to art. 33 para. 1 of the GDPR, if there is a breach of personal data security, we will notify the National Authority for the Supervision of the Processing of Personal Data without undue delay and, if possible, within 72 hours at most from the date we became aware of it, unless it is unlikely to generate a risk for the rights and freedoms of natural persons.
Informing the data subject about the data security breach of personal data
Related to the provisions of art. 34 of the GDPR, if the breach of the security of personal data is likely to generate a high risk for the rights and freedoms of natural persons, we will inform the data subject without undue delay about this breach, except in situations where:
- appropriate technical and organizational safeguards have been implemented and these measures have been applied to personal data affected by the personal data breach, in particular measures to ensure that the personal data becomes unintelligible to anyone who does not is authorized to access them, such as encryption;
- further measures have been taken to ensure that the high risk for the rights and freedoms of the previously mentioned data subjects is no longer likely to materialize;
- it would require a disproportionate effort. In this situation, a public information is carried out instead or a similar measure is taken by which the persons concerned are informed in an equally effective way.
Plugins and Tools
Youtube
Our website uses plugins of the YouTube platform, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
If you visit a page on our website where a YouTube plug-in has been integrated, a connection to the YouTube servers will be established. As a result, the YouTube server will be notified of the pages you have visited.
Furthermore, YouTube will be able to implant several cookies, which will allow us to gather information about our website's visitors. This information will be used to compile video statistics, among other things, with the goal of improving the site's usability and avoiding fraud attempts.
When you visit our website while signed in to your YouTube account, you authorize YouTube to directly attribute your browsing behaviors to your personal profile. You can prevent this from happening by logging out of your YouTube account.
The use of YouTube is based on our interest in presenting your online content in an attractive manner. According to art. 6 para. 1 lit. f) GDPR, this is a legitimate interest.
Considering the Judgment of 16 July 2020 (pronounced in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the Privacy Shield EU – US (Privacy Shield) does not have an appropriate character. Therefore, the transmission of personal data to the USA and other countries outside the European Economic Area (EEA) should be based on the Standard Contractual Clauses (SCC) of the European Commission.
For more information on how YouTube handles user data, see YouTube's Data Privacy Policy at: https://policies.google.com/privacy?hl=en.
Google Web Fonts
This site uses Web Fonts provided by Google to ensure consistent use of fonts on this site. But these are hosted locally.
When you access a page on this website, your browser will load, as a result of establishing a connection with Google's servers, the web fonts necessary for the correct display of text and fonts. So,
The use of Google Web Fonts is based on Art. 6 para. 1 lit. f) GDPR, there is a legitimate interest in the uniform presentation of the font on this website. If there is a consent expressed in this sense, the data will be processed exclusively on the basis of art. 6 para. 1 lit. a) GDPR.
For more information on how Google Web Fonts handles user data, see the Privacy Policy available at: https://policies.google.com/privacy?hl=en.
More details on GDPR compliance by using Google Web Fonts can be found in Google Declaration from 18 november 2022
Conclusion
This policy on personal data processing is developed in accordance with the provisions of Regulation No. 679/2016 on the protection of natural persons in relation to the processing of personal data and the free movement of such data, as well as other applicable national legal provisions..
We reserve the right to add to or amend this policy at any time. We urge that you examine the Policy on a frequent basis for accurate and up-to-date information about the handling of personal data.
A written notification can be given to the contact details listed above for additional information about this GDPR Policy, as well as to exercise any of the aforementioned rights.